Authorized Admin Account Takeover in instantsoft/icms2
Valid
Reported on
Aug 9th 2023
Description
icms2 contains a flaw in its admin account management functionality, specifically in the process of changing and resetting administrator passwords. Through careful analysis and testing, it was observed that an authenticated administrator is able to change the password of any other administrator's account, effectively allowing unauthorized access to and takeover of that account.
Proof of Concept
I performed a test using the admin demo user to change another admin user's nickname, as shown in my video PoC, which you can find here:
https://wormhole.app/yOKEq#6MTOE7wwFPFM43elm-Qllg
Impact
Exploiting this vulnerability enables an authenticated attacker to misuse their legitimate access and gain unauthorized control over other administrator accounts.
We are processing your report and will contact the instantsoft/icms2 team within 24 hours.
a month ago
We have contacted a member of the instantsoft/icms2 team and are waiting to hear back.
a month ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
The researcher's credibility has increased: +7
The fix bounty has been dropped
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on
Aug 31st 2023
Thank you
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1